changetrack is a program to monitor changes to files. If files are modified one day, and the machine starts working incorrectly some days later, changetrack can provide information on which files were modified, and help locate the problem. Changetrack will also allow recovery of the files from any stage.
emlog is a Linux kernel module that makes it easy to access the most recent (and only the most recent) output from a process. It works just like "tail -f" on a log file, except that the storage required never grows. This can be useful in embedded systems where there isn't enough memory or disk space for keeping complete log files, but the most recent debugging messages are sometimes needed.
fireparse is an ADMLogger plugin that emails a report of all packets that have been logged by the kernel's packet filtering subsystem (iptables/netfilter or ipchains). The report includes source and destination ports, direction, logged packet count, matched rule, and fully resolved host names (if available). The email report can be formatted to plain text or a colored HTML table.
Firewall Log Daemon is a program written in C which will watch for ipchains or iptables log alerts in realtime. The program will start a small daemon process that parses and resolves firewall logs by reading a FIFO that syslog writes to. It can queue a batch of alerts and mail them to you, or can be used in a script to crunch an existing log file or data stream. It features hostname, port, protocol, and ICMP type/code lookup, with output formatted by a user-defined template.
The ip-masq-log patch can be used on a masquerading firewall (NAT) to keep a log of all the outgoing masqueraded TCP connections. It's even possible to log the name of the user who has opened the connection. This can be a useful security tool for many small networks that are hidden by a masquerading box if users cannot be totally trusted.
iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function.
Isoqlog is an MTA log analysis program written in C. It is designed to scan qmail, Postfix, Sendmail, and Exim logfiles and produce usage statistics in HTML for viewing through a browser. It produces a "top domains" statistic according to sender, receiver, total mails, and bytes, and keeps the main domain mail statistics with regard to day's top domain, and top users values for per day, per month, and per year.